Active Directory Logical Structure

Forest

Forest is the term used to describe a collection of Active Directory trees. Each tree in a forest has its own distinct namespace. For example, let's say that my company owned another smaller company called Acme Plumbing. If I wanted Acme Plumbing to have its own distinct name and domain, I might end up with a collection of trees, forming a forest, as shown below:

The acmeplumbing.com domain is part of the same forest as the win2000trainer.com domain tree, but is still its own domain and tree. Note that there are transitive trust relationships between the root domains of every tree in a forest – this allows acmeplumbing.com users to access resources in the win2000trainer.com tree and vice versa, while allowing them to maintain distinct identities. The first domain created in a forest is considered the forest root. One important feature of a forest is that every single domain shares a common schema – the definition of the different types of objects and associated attributes that may be created within the forest. It is also important to recognize that a forest might be made up of a single tree, containing a single domain. It may be small, but technically it is still a forest!
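
An added example, not part of the original page: using the ActiveDirectory PowerShell module, an administrator can list every domain in a forest, label the forest root and the other tree roots, and show the intra-forest trusts and the single schema master they all share. The function name Get-ForestLayout is hypothetical; it assumes the RSAT ActiveDirectory module is installed and the account can read each domain.

```powershell
# Requires the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

function Get-ForestLayout {
    # Hypothetical helper name; defaults to the forest of the logged-on user.
    param([string]$ForestName = (Get-ADForest).Name)

    $forest = Get-ADForest -Identity $ForestName

    foreach ($dns in $forest.Domains) {
        $domain = Get-ADDomain -Server $dns

        # A domain with no parent is the root of a tree. The tree root that
        # was created first is also the forest root.
        $role = if ($domain.DNSRoot -eq $forest.RootDomain) {
            'ForestRoot'
        } elseif (-not $domain.ParentDomain) {
            'TreeRoot'
        } else {
            'Child'
        }

        # Keep only trusts whose partner is in the same forest; these are
        # the transitive trusts that link the trees together.
        $trusts = Get-ADTrust -Filter * -Server $dns |
                  Where-Object { $_.IntraForest }

        [pscustomobject]@{
            Domain       = $domain.DNSRoot
            Role         = $role
            Parent       = $domain.ParentDomain
            TrustsWith   = ($trusts.Name | Sort-Object) -join ', '
            # The same value on every row: one schema for the whole forest.
            SchemaMaster = $forest.SchemaMaster
        }
    }
}

Get-ForestLayout | Format-Table -AutoSize
```

In the forest described above, win2000trainer.com would be reported as ForestRoot and acmeplumbing.com as TreeRoot, each listing the other under TrustsWith.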